RTFM: the missing dot in CNAME

Development, Network April 25th, 2008

Until yesterday, I still hesitated to adopt the feed aggregation service from FeedBurner. The main concern is branding: I would rather keep the feed under the umbrella of my own domain than hand it to a bunch of geeks in Silicon Valley, no offense, even though the company is most unlikely to go bankrupt tomorrow and they respect the “Do not be evil” motto.

FeedBurner respects this kind of concern and gives away the Pro feature MyBrand (aka the one you would otherwise pay a premium for) for free. The only action you need to take is to add a CNAME entry in your DNS server:

feeds CNAME feeds.feedburner.com.

My scenario is a little more complicated. This website is hosted at Jumpline.com while the domain name is registered with 1and1, so I assumed the CNAME should be added on the 1and1 side, like this:

1and1 DNS console - Edit CNAME

It did not seem to work, so I contacted customer service twice, and they assured me they had taken care of it and that DNS propagation would take a little time. I also tried to update the CNAME in Jumpline’s DNS control panel, and it kept complaining like this:

Error message of Jumpline DNS console

Eventually, yesterday morning, I contacted 1and1 customer service again, and this time the gentleman confirmed that they could do nothing and that I needed to contact my web hosting company instead. The first time I contacted Jumpline, the customer service representative pinpointed the bug: the very last dot in the domain name was missing.

What a stupid mistake! If I had taken a little more time to read FeedBurner’s help page, or been adventurous enough to RTFM for BIND, I would not have wasted time on pleasant phone conversations with technical support.
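To make the missing dot concrete, here is an added example (not from the original post) that reproduces what a BIND-style zone file does with a relative CNAME target and lints a zone for targets that look like FQDNs but lack the trailing dot. The zone is a constructed sample and example.com. stands in for the real domain.

```shell
#!/bin/sh
# Added example, not from the original post: reproduces what a BIND-style zone
# file does with a CNAME target that lacks the trailing dot, and lints a zone
# for targets that look like FQDNs but are written relative. The zone below is
# a constructed sample; example.com. stands in for the real domain.

# zone_fqdn ORIGIN NAME: expand NAME the way a zone file parser does. A name
# that ends in "." is absolute; "@" is the origin; anything else is relative
# and gets ORIGIN appended, which is exactly how feeds.feedburner.com turns
# into feeds.feedburner.com.example.com.
zone_fqdn() {
    origin=$1
    name=$2
    case $name in
        *.) printf '%s\n' "$name" ;;
        @)  printf '%s\n' "$origin" ;;
        *)  printf '%s.%s\n' "$name" "$origin" ;;
    esac
}

# lint_cnames ORIGIN < ZONEFILE: print one line per CNAME whose target
# contains dots but no trailing dot (almost always a forgotten "."), together
# with the name it silently expands to. Returns 1 if any were found.
# Single-label targets such as "www" are left alone: relative names are
# legitimate there.
lint_cnames() {
    origin=$1
    found=0
    while read -r line; do
        case $line in ''|';'*|'$'*) continue ;; esac   # blank, comment, directive
        set -- $line
        owner=$1
        shift
        # an optional TTL and/or class may sit between the owner and the type
        while [ $# -gt 0 ]; do
            case $1 in
                [0-9]*|IN|CH|HS) shift ;;
                *) break ;;
            esac
        done
        [ "${1:-}" = CNAME ] || continue
        target=$2
        case $target in
            *.)  ;;
            *.*) found=1
                 printf '%s: target %s is relative, resolves as %s\n' \
                     "$(zone_fqdn "$origin" "$owner")" "$target" \
                     "$(zone_fqdn "$origin" "$target")" ;;
        esac
    done
    return $found
}

# Constructed sample zone: "feeds" has the bug from the post, "ok" is the fix,
# and "blog" is a relative target that is correct as written.
ZONE_SAMPLE='$ORIGIN example.com.
@       IN SOA   ns1.example.com. hostmaster.example.com. 1 3600 900 604800 86400
www     IN A     192.0.2.10
feeds   IN CNAME feeds.feedburner.com
ok      IN CNAME feeds.feedburner.com.
blog  3600 CNAME www'

# Usage: lint the sample; exit status 1 means at least one finding.
printf '%s\n' "$ZONE_SAMPLE" | lint_cnames example.com. \
    || echo "fix: append the trailing dot to the flagged targets"
```

Run it against your own zone with `lint_cnames your.domain. < db.your.domain`; the lint only flags dotted targets, so relative short names stay quiet while a pasted FQDN without its final dot shows up with the name it would actually resolve to.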

Never, ever overlook the code, however confident you are.

Poor man’s wireless network

Gentoo, Network May 28th, 2007

If you would rather take the longer route to set up your wireless network, instead of the shortcut of rushing to Circuit City for a wireless AP/router, please tighten your seat belt and follow my guidance, and keep in mind: your mileage may vary.

I happen to have a Pentium III Gentoo box as my file server and an Encore ENLWI-G Wireless G PCI Adapter, so how about setting up a wireless network for my Dell 700m laptop, so I can surf the web and write blog posts in bed?

Drive it with caution

First, we need an appropriate driver for this card. Like many short-sighted vendors, Marvell does not ship a native driver for non-Windows platforms; the good news is that we have ndiswrapper to the rescue.

For unknown reasons, ndiswrapper kept crashing in gentoo-sources-2.6.17-r8, so I just copied the .config and updated the kernel to gentoo-sources-2.6.20-r8, which proved to be a disastrous decision[1].

Slow down, crossing the bridge

Bridging seems to make more sense than any other approach: the Gentoo box would bridge the 802.11 wireless network and the 802.3 Ethernet, with the following advantages:

  • Less hassle on the server side: enable 802.1d Ethernet Bridging support in the kernel, emerge bridge-utils in userland, done.
  • Transparent to the users: the wireless network is an extension of the Ethernet, as if the users were connected to a wireless router.

I am following this HOWTO; here is the sample configuration of /etc/conf.d/net:

bridge_br0=( "eth0" "wlan0")

config_eth0=( null )
config_wlan0=( null )

config_br0=( "192.168.15.144 netmask 255.255.255.0 broadcast 192.168.15.255" )
routes_br0=( "default gw 192.168.15.1" )
depend_br0() {
        need net net.eth0 net.wlan0
}

modules_wlan0=("iwconfig")
mode_wlan0="Ad-hoc"
essid_wlan0="hippo"
channel_wlan0="3"
key_hippo="0123456789"

To have the net.wlan0 and net.br0 services:

cp /etc/init.d/net.eth0 /etc/init.d/net.wlan0
ln -s /etc/init.d/net.lo /etc/init.d/net.br0
rc-update add net.eth0 default
rc-update add net.wlan0 default
rc-update add net.br0 default

Restart the desktop. On the laptop, set the ESSID to hippo with the key[2], then run dhcpcd wlan0, try to ping the bridge, then the router. Oops: although we get the correct IP from the top-level ADSL router (192.168.15.1) and get a reply from the bridge, we fail to connect to any other host. I tried different combinations of bridge and netfilter settings, and eventually found this in the Bridging Mini-HOWTO:

Q: Machines on one side cannot ping the other side!
A: …
# Did you put the interfaces into promiscuous mode? (issue the ifconfig command. The PROMISC flag should be on for both interfaces.)

ndiswrapper does not support promiscuous mode, so most likely the incoming packets are not forwarded to the eth0 interface. But how come dhcpcd works? If you have a further explanation, please drop a message in the comments.

Next Services, 240 Miles

It seems we have a long way to go. If eth0 and wlan0 work separately, we can always use iptables to forward the packets.

Unfortunately, iptables always complained that the kernel was not set up correctly, though I strictly followed The Gentoo Home Router Guide. I searched the forums and found the trick is to start the kernel configuration from scratch to unleash the hidden options. //sigh

The subsequent setup is quite straightforward: put one subnet on each NIC of the desktop, then use iptables to forward/NAT the packets between them. Check this post:

# /etc/conf.d/net:
config_eth0=( "192.168.15.133 netmask 255.255.255.0 broadcast 192.168.15.255" )
routes_eth0=( "default via 192.168.15.1" )
dns_servers_eth0=( "192.168.15.1" )

modules_wlan0=("iwconfig")
config_wlan0=("10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255")
mode_wlan0="Ad-hoc"
essid_wlan0="hippo"
adhoc_essid_wlan0="hippo"
channel_wlan0="3"
key_hippo="0123-4567-89 enc open"

# Setup the IP forwarding and iptables:
# turn on forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward # ip_forward needed in kernel

# setup iptables
iptables -F
iptables -A FORWARD -i eth0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#Serialize the setting in the configuration files:
/etc/init.d/iptables save

# Add/uncomment these lines in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
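As an added example (not from the original post), the forward/NAT rule set above as a script with one change a practitioner would want: a default-deny FORWARD policy. Without it the chain's default is ACCEPT, so the ESTABLISHED,RELATED rule limits nothing and new connections from the eth0 side reach the wireless subnet anyway. Interface names are taken from the post; DRY_RUN and the helper names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: the forward/NAT rules for a
# two-NIC router with a default-deny FORWARD chain, plus a check that the
# kernel forwarding knob is on. DRY_RUN=1 (the default) prints the iptables
# commands instead of running them; DRY_RUN=0 applies them, which needs root.
DRY_RUN=${DRY_RUN:-1}

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# nat_rules LAN_IF WAN_IF: rules in the order they must be installed. Only the
# FORWARD chain and nat POSTROUTING are flushed, so INPUT rules are untouched.
nat_rules() {
    lan=$1
    wan=$2
    ipt -F FORWARD
    ipt -t nat -F POSTROUTING
    # default deny: new connections arriving from the WAN side are dropped
    ipt -P FORWARD DROP
    # replies to connections the LAN side opened
    ipt -A FORWARD -i "$wan" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # anything the LAN side initiates
    ipt -A FORWARD -i "$lan" -o "$wan" -j ACCEPT
    # hide the LAN subnet behind the WAN address
    ipt -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
}

# forwarding_enabled [KNOB]: true when net.ipv4.ip_forward reads "1".
# KNOB defaults to the live sysctl file; another path can be given for testing.
forwarding_enabled() {
    knob=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$knob" ] && [ "$(cat "$knob")" = 1 ]
}

# Usage: wireless LAN on wlan0, upstream on eth0, as in the post.
nat_rules wlan0 eth0
forwarding_enabled || echo "note: net.ipv4.ip_forward is not 1; set it in /etc/sysctl.conf"
```

Review the printed commands first, then apply with `DRY_RUN=0 sh nat.sh` and persist them with `/etc/init.d/iptables save` as the post does.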

To eliminate the burden of ifconfig/ipconfig, we may run a DHCP service on the router; one lightweight DHCP/DNS implementation is dnsmasq. Here is the sample /etc/dnsmasq.conf:

domain-needed
bogus-priv
interface=wlan0
# lease pool on the wlan0 subnet, 12-hour leases
dhcp-range=10.0.0.3,10.0.0.10,12h

The network architecture is shown in the following diagram:

Router (network architecture diagram)

Troubleshooting

[1] The menuconfig was screwed up by the old configuration; to show all the options, it is suggested to configure the kernel from scratch.

[2] When the laptop joins the Ad-hoc wireless network, the desktop may not discover the newcomer, so we have to explicitly set the ESSID of the desktop again. I am not sure whether this is required by Ad-hoc networking or is a flaw in the device driver.

Sanitize the kernel, Bye-bye Cisco VPN

Gentoo, Network May 22nd, 2007

I’ve been using the Cisco VPN client to access GWireless and Penn State Wireless for quite a long time, since I managed to get it working. Two things bother me: the notice in dmesg

cisco_ipsec: module license 'Proprietary' taints kernel.

and that the Cisco VPN client stops working after a period of inactivity. It fails to connect the Virtual Adapter once it disconnects, and I have to restart the machine to get it working again.

Here is an alternative application in portage: vpnc. Before we move to the next step, we need to enable Device Drivers | Network device support | Universal TUN/TAP device driver support in the Linux kernel. David Ramsden hacked a script to convert the Cisco VPN Client’s profile to a vpnc configuration file. Copy the converted conf to /etc/vpnc/default.conf and start the vpnc service. Done.

The current /etc/init.d/vpnc does not support profiles; I might hack a patch to cope with this problem later.
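One thing worth checking before starting the service: the converted default.conf holds the IPsec group secret and, usually, the Xauth password in clear text. The following added example (not from the original post, nor from vpnc or the conversion script) writes a skeleton with placeholder values and verifies that the file is not readable by other users and contains the keys vpnc needs; the path is the one the post uses, everything else is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: writes a vpnc configuration
# skeleton (all <...> values are placeholders) and checks the file before the
# service starts, because default.conf carries the IPsec group secret and the
# Xauth password in clear text and must not be readable by other users.
VPNC_CONF=${VPNC_CONF:-/etc/vpnc/default.conf}

# write_vpnc_conf FILE: the keys vpnc reads; replace every <...> placeholder.
# The subshell keeps the restrictive umask from leaking into the caller.
write_vpnc_conf() {
    (
        umask 077   # new file is created mode 600
        cat > "$1" <<'EOF'
IPSec gateway <vpn-gateway-host>
IPSec ID <group-name>
IPSec secret <group-secret>
Xauth username <your-login>
EOF
    )
}

# vpnc_conf_check FILE: returns 0 when FILE exists, has no group/other
# permission bits, contains the mandatory keys and no placeholders; otherwise
# prints the first problem found and returns 1.
vpnc_conf_check() {
    f=$1
    [ -f "$f" ] || { echo "$f: not found"; return 1; }
    # GNU stat first, BSD/macOS stat as the fallback
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
        *00) ;;
        *) echo "$f: mode $mode is readable by others, run: chmod 600 $f"; return 1 ;;
    esac
    for key in "IPSec gateway" "IPSec ID" "IPSec secret" "Xauth username"; do
        grep -q "^$key " "$f" || { echo "$f: missing '$key'"; return 1; }
    done
    if grep -q '<[a-z-]*>' "$f"; then
        echo "$f: placeholders still present"
        return 1
    fi
    return 0
}

# Usage: a fresh skeleton fails the check on purpose until it is filled in;
# then check the live file the init script will read.
skel=$(mktemp)
write_vpnc_conf "$skel"
vpnc_conf_check "$skel" || echo "(expected: skeleton at $skel is not finished)"
rm -f "$skel"
vpnc_conf_check "$VPNC_CONF" || echo "fix the problem above before starting /etc/init.d/vpnc"
```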

HOWTO secure your Meebo?

Network March 8th, 2007

Meebo is a Web 2.0 application that supports several IM protocols: AIM, Yahoo, MSN and GTalk. It paves the way for users behind a firewall to communicate with the rest of the world. However, as with other IMs, the conversations between you and your buddies are not encrypted with SSL, to spare the servers the load; your private talk is more or less broadcast to the IT staff. How do I secure my Meebo talk?

We can use an SSH tunnel to encrypt the conversation. The idea is to run a proxy server on a trusted remote machine, bring the proxy port (for example, 3128) to the local machine with SSH tunneling, then use localhost:3128 as the web proxy for all Meebo traffic.

A trusted remote machine

First, we need a trusted remote machine. You can use your PC at home, or donate $1 to Silence is Defeat to open a Unix account.

NOTE: Silence is Defeat has shut down PayPal payments for now; the following method was verified on one Linux box at home.

Install the proxy server

Grab the latest version of squid and build it:

wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE10.tar.gz
tar xvfz squid-2.6.STABLE10.tar.gz
cd squid-2.6.STABLE10
./configure --prefix=${HOME}
make && make install

You need to set up squid before running it. Open ${HOME}/etc/squid.conf.example, uncomment the http_port directive, enable access for all users, and save it as ${HOME}/etc/squid.conf:

http_port 3128
http_access allow all

You might need to change the port number to an unused port. The allow-all policy is not that scary: since squid is not running in privileged mode and port 3128 is not open to the outside, only local users can access the proxy service. Run the service:

${HOME}/sbin/squid

Tunnel it

You need an SSH client (OpenSSH for Linux and Mac OS X, PuTTY for Windows). For Linux and Mac OS X users:

ssh -L 3128:your_host:3128  user_name@your_host

and keep this terminal open. For Windows users, here is an illustrated HOWTO.

Test it

Change the connection settings of your browser to localhost, port 3128. You are all done.
Bonus: all browser sessions are secured by SSH; you could even surf the porn sites without the notice of the IT department. Just kidding. :-)
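A caveat on the squid setup above, shown as an added example (not from the original post, nor squid's or OpenSSH's own code): an `http_port 3128` directive with no address binds every interface, so combined with `http_access allow all` the box is an open proxy for anyone who can reach that port, unless a host firewall blocks it. The script below writes a squid.conf that listens on loopback only, lints an existing squid.conf for the exposed combination, and builds the matching ssh -L line. Port, file paths, user and host names are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Writes a loopback-only squid.conf,
# lints a squid.conf for "http_port <port>" with no bind address and for an
# "http_access allow all" evaluated before any "deny all", and prints the ssh
# command that brings the remote proxy to localhost. Names are constructed.
PROXY_PORT=${PROXY_PORT:-3128}

# write_local_squid_conf FILE: loopback-only listener plus a localhost-only ACL.
# "acl all" and "acl localhost" must be declared on Squid 2.x; 3.2+ has them built in.
write_local_squid_conf() {
    cat > "$1" <<EOF
# reachable through the SSH tunnel only, not from the network
http_port 127.0.0.1:$PROXY_PORT
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
http_access allow localhost
http_access deny all
EOF
}

# squid_conf_open FILE: returns 0 (and prints why) when FILE would expose the
# proxy; returns 1 when it looks local-only. http_access lines are matched
# first-wins, the way squid evaluates them.
squid_conf_open() {
    rc=1   # 1 = nothing found so far
    while read -r key val rest; do
        case $key in
            http_port)
                case $val in
                    *:*) ;;   # has an address, e.g. 127.0.0.1:3128
                    *)   echo "http_port $val listens on every interface"; rc=0 ;;
                esac ;;
            http_access)
                case "$val $rest" in
                    "allow all") echo "http_access allow all is reached before deny all"; rc=0 ;;
                    "deny all")  break ;;
                esac ;;
        esac
    done < "$1"
    return $rc
}

# tunnel_cmd USER HOST: forward local PROXY_PORT to the remote loopback proxy.
# The remote side of -L is 127.0.0.1 to match the http_port above; -N opens
# the tunnel without running a remote command.
tunnel_cmd() {
    printf 'ssh -N -L %s:127.0.0.1:%s %s@%s\n' "$PROXY_PORT" "$PROXY_PORT" "$1" "$2"
}

# Usage: generate the config, confirm the lint is quiet, print the tunnel line.
conf=$(mktemp)
write_local_squid_conf "$conf"
squid_conf_open "$conf" || echo "$conf: proxy reachable from loopback only"
tunnel_cmd alice proxy.example.org
rm -f "$conf"
```

Run `squid_conf_open ${HOME}/etc/squid.conf` on the file built from the post's instructions and it reports both findings; with the loopback-bound config the browser setting stays localhost:3128 and the only path to the proxy is the tunnel.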

Tor: Beyond anonymous

Network August 2nd, 2006

Tor is well known as the anonymous Internet communication network; the common practice is to bind Tor with Privoxy for anonymous web surfing.

Beyond this, Tor also opens a tunnel through the firewall. Suppose you live on irc.freenode.net but port 6667 is blocked by the firewall. You can torify irssi to use the hidden service and keep your IP private: one stone kills two birds!

Add this line to /etc/tor/torrc:

mapaddress 10.40.40.40 mejokbp2brhw4omd.onion

Run irssi in torified mode:

$ torify irssi

In irssi, /conn 10.40.40.40 to access irc.freenode.net.

If you don’t have the privilege to edit /etc/tor/torrc, you need socat to relay the Tor SOCKS proxy to a local socket:

$ socat TCP4-LISTEN:6667,fork SOCKS4A:localhost:6ua4nhltph56henu.onion:6667,socksport=9050

Then you can run irssi and /conn localhost.

There is a more detailed HOWTO about the onion router.